Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

According to the act, data brokers would be required to institute a security policy for collecting, using, selling and securing the information they hold, and they would be required to monitor their security systems regularly.

If a breach occurs, the Federal Trade Commission or an independent auditor would review the brokers security plan following a breach, and subsequently the FTC would be permitted to require audits for five years.

If there is a reasonable risk of ID theft, fraud or unlawful conduct as a result of a breach, the company would have to notify U.S. consumers whose data was acquired by an unauthorized person as a result of the breach. The company would also have to notify the FTC and post a notice on its Web site.

"Nobody needs to be left in the dark when their data has been compromised," said Rep. Joe Barton, R-Texas, chairman of the committee.

Consumers would be allowed annual access to their data, and they would have the right to have inaccurate information corrected or marked disputed. The bill also would make it illegal for brokers to obtain data on someone by impersonating that person, a practice known as "pretexting."

The legislation "sends a clear message to the collectors of this information: If you cant protect it, dont collect it," said Rep. John Dingel, D-Mich., adding that additional work needs to be done before Congress votes on the bill.

Several members of the committee sought greater protections for consumers. Rep. Ed Markey, D-Mass., introduced several amendments that were not approved, including a provision to protect data that is sent overseas for handling.

"What happens when this data is sent offshore for storage in a database or for processing?" Markey asked, adding that the bulk of data shipped overseas goes to countries with weak privacy protections, including Bangladesh, Brazil, China, Pakistan and Thailand.

Markey also sought to include a prohibition on buying and selling social security numbers. Barton said it would not be germane to the ID theft bill, but said he is willing to work on separate legislation to protect social security numbers.

The bills author, Rep. Cliff Stearns, R-Fla., said it is endorsed by Microsoft, Entrust and the Business Software Alliance.

/zimages/4/28571.gifCheck out eWEEK.coms for the latest news, views and analysis of technologys impact on government and politics.